I’m developing a WordPress theme that offers the ability to change site’s color from the Theme panel. My idea is :
- Admin select some colors from the Theme panel, then click save button.
- After color options are saved, use lessphp! class to recompile the style.less file to style.css file.
But I wonder is this good or bad practice ? Because in order to do it, the style.css file must be writable (chmod 666 ?), and I read somewhere that with that permission, others on the same server can overwrite that file, and add bad script to it.
I know another way to do the color changing, is output the changed color right from the tag of the page. But with many color to change, I think this way is inconvenience.
So, what do you think about my idea ? If it’s bad practice, is there any way to do the color changing ?
It can be writable only by server 655 or by group 665 you don’t have to allow anybody to write this file.
Secondly: if there are others on web server then you have security issues and changing style.css is your least problem.
Anyway this shouldn’t be a seen as a bad practice – just the design of an extension.
No it’s not a bad practice as long as you set permissions to edit files in the back-end. Since this is going to be an activity by the admins on the back-end it should not effect the performance of front-end template.
If it happens server side, nothing wrong with it. If you were using a client side compiler, I’d be concerned about a JS failure breaking your site.
This could also introduce latency to your site. You might want to look into using a cacheing plugin like QuickCache to pre-compile your site for better performance: http://wordpress.org/plugins/quick-cache/